JP2006099348A - Document management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent unauthorized outflow and unauthorized use of digitized documents over the entire life cycle thereof. <P>SOLUTION: This document management system includes a digitized document creating means (S4) for creating digitized documents; a right-to-use setting means (S5) for setting the right to use the digitized documents for every user ID; an encryption means (S6) for encrypting the digitized documents if authentication by a first authentication means is successful; use execution means (S8-S12) for executing the use of the digitized documents in a way that matches the right to use if authentication by a second authentication means is successful; log creation means (S14, S17, S21) for creating logs including operating history information if the use is executed; and a log management means (S21) for tallying and storing the logs created. The system manages the use of all the digitized documents over the entire life cycle from the creation to disposal of the documents by means of the logs. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a document management system, and more particularly, to a document management system for preventing unauthorized outflow and unauthorized use throughout the life cycle of a document using electronic data or paper data.

  As a conventional document management system, there is a means to set the user name and password in the print data, and when the print data with the password set is printed by the printer, the operator is requested to enter the password and correct There has been proposed one in which printing processing is stopped until a password is input (see, for example, Patent Document 1).

  As another document management system, encrypted print data is not printed out, and decrypted print data is printed only when authentication is received (see, for example, Patent Document 2). .)

JP-A-11-2127744 JP 2001-188664 A

  In the conventional document management systems as described above, authentication is performed before printing to ensure security while printing, but security measures for the printed paper itself are considered. Therefore, there is a problem that it is not possible to prevent illegal leakage and unauthorized use of printed paper.

  The present invention has been made to solve such problems, and an object of the present invention is to provide a document management system capable of preventing unauthorized outflow and unauthorized use of an electronic document throughout the life cycle.

  The present invention provides a usage right setting means for setting a usage right for each user ID to a generated electronic document, and a user who inputs user-specific information and encrypts the electronic document with the information. First authentication means for performing authentication, encryption means for encrypting the digitized document when authentication by the first authentication means is successful, user-specific information is input, and the information A second authentication unit that performs user authentication for using the digitized document; and a usage execution that permits the use of the digitized document according to the usage right when authentication by the second authentication unit is successful. And a log generation unit that generates a log including operation history information when the use is executed, and a log management unit that aggregates and stores the generated logs. Of document It is a document management system to collectively manage the usage to disposal from forming.

  The present invention provides a usage right setting means for setting a usage right for each user ID to a generated electronic document, and a user who inputs user-specific information and encrypts the electronic document with the information. First authentication means for performing authentication, encryption means for encrypting the digitized document when authentication by the first authentication means is successful, user-specific information is input, and the information A second authentication unit that performs user authentication for using the digitized document; and a usage execution that permits the use of the digitized document according to the usage right when authentication by the second authentication unit is successful. And a log generation unit that generates a log including operation history information when the use is executed, and a log management unit that aggregates and stores the generated logs. Of document Since this is a document management system that collectively manages the usage status from creation to disposal, it can prevent the illegal outflow and unauthorized use of digitized documents, and ensure that the usage status is maintained even when problems occur. Can be tracked.

Embodiment 1 FIG.
In this embodiment, when a digitized document is registered as a confidential document and the registered confidential document is used, the output is restricted to a predetermined printer only, and the confidential document is discarded by a predetermined shredder. It is possible to manage the life cycle of creation, use, and destruction. In addition, since logs are kept for every operation, all operation histories can be traced completely when problems or troubles occur or during audits. In addition, since a unique content ID is assigned to a confidential document, it is possible to track the operation history of the confidential document. In addition, since operations such as generation, use, and destruction of confidential documents are authenticated by the IC card, it is possible to track who operated. Therefore, it is possible to track which, when, and what to the confidential document, so that it is possible to track when a problem occurs. Since it is possible to track when a problem occurs, it is possible to prevent a user from cheating. As a result, it is possible to prevent unauthorized outflow and unauthorized use throughout the entire life cycle of documents using electronic data or paper data.
Further, in the present embodiment, a confidential document (digitized document) is created by some application, generated by scanning, or generated by FAX reception, and the use of the confidential document is viewed and printed. , Copying, FAX transmission, and discarding by a shredder will be described.
FIG. 1 is a diagram showing an overall configuration of a document management system according to Embodiment 1 of the present invention. As shown in FIG. 1, a plurality of multi-function multifunction peripherals 1 (hereinafter referred to as MFP 1) are connected to a network 3 such as an intranet via a management server 2. Each management server 2 is provided with a card reader 4 for reading information stored in the IC card, and for storing various data such as print data and FAX data, an encryption key, and a log file described later. The memory 5 is provided inside. A plurality of client terminals 6 are connected to the network 3. Each client terminal 6 is provided with a card reader 7 for reading information stored in the IC card and a storage device 8 for storing various data. Further, a shredder 10 having a card reader 9, a file server 11 that stores a document file to be managed, and a totaling server 14 that totals logs including operation histories are connected to the network 3. Furthermore, a time server 13 that manages time stamps is connected to the network 3 via the Internet 12.

FIG. 2 is a schematic configuration diagram showing the configuration of the MFP 1. As illustrated in FIG. 2, the MFP 1 includes a copy unit 20, a scanner unit 21, a FAX unit 22, and a printer unit 23. Note that when the user uses a confidential document to be managed to ensure security, these means 20 to 23 capable of performing secure processing are automatically performed by the management server 2 based on an instruction from the client terminal 6. It is set in advance so that it can be selected (set so that printing and copying by other devices cannot be performed). When using the confidential document, these means 20 to 23 execute the type of operation (browsing, printing, copying, etc.), document name, time used, user name (or user ID) used, execution A log including information such as the number of copies is generated, transmitted to the management server 2, and stored.
FIG. 18 is a system configuration diagram focusing on the management server 2, the client terminal 6, and the file server 11. For simplicity, only one MFP 1, management server 2, client terminal 6, and file server 11 are shown, but FIG. 18 is a partial extract of the configuration of FIG. The authentication means (first authentication means, second authentication means) 31 of the management server 2 performs user authentication using an IC card inserted into the card reader 4, and specifically, an electronic document by scanning. User authentication is performed when the (electronic file) is registered (first authentication unit), and user authentication is performed during copying, FAX transmission, and execution (second authentication unit). The transmission / reception means 32 transmits / receives a file or information between the client terminal 6 and the file server 11, and the usage right setting means 33 gives a unique (single) content ID to the digitized document, and for each user ID. Set usage rights for. Also, the encryption unit 34 encrypts the digitized document in which the usage right is set according to the set usage right, and sets the file obtained as a result of the encryption as the usage right setting file 38.
If the authentication by the authenticating means (second authenticating means) 31 is successful, the usage executing means 35 inquires about the usage right of the content ID assigned to the target usage right setting file 38 thereafter. When the user ID authenticated by the authenticating means (second authenticating means) 31 has the use right of use specified, the corresponding use is permitted. Specifically, the MFP 1 is instructed to execute scanning, printing, copying, and fax transmission, the client terminal 6 is permitted to browse, and the shredder 10 is permitted to be discarded.
The log generation unit 40 generates log information according to usage, and the log management unit 36 stores the log information transmitted from the client terminal 6 and the MFP 1 together in the log file 37. The log management unit 36 receives log information from the MFP 1 for copy, scan, FAX reception, and FAX transmission, generates a log, and stores the designation of the client terminal 6 for printing, and the log management unit 36 stores the log. Generate.
Although not shown in FIG. 18, log information is delivered from Schrader when discarded by Schrader, and log information is delivered from the client terminal 6 during browsing. Such log information is stored as a log file 37. The log file 37 and the usage right setting file 38 are stored in the memory 5 described above.
The authentication unit 41 of the client terminal 6 performs user authentication using an IC card inserted into the card reader 7. Specifically, when the client terminal 6 creates and registers an electronic document (electronic file). User authentication is performed (first authentication unit), and user authentication is performed when a digitized document is viewed and printed (second authentication unit). The transmission / reception means 42 transmits / receives files or information to / from the management server 2 and the file server 11, and the input means 43 uses a display device (not shown) and an input device (not shown) to receive electronic information from the user. Accepts document creation and usage rights input. The digitized document registration unit 44 stores the digitized document in a memory (not shown), for example, as an electronic file 45 by input from the input unit 43.
The transmission / reception means 42 transmits the electronic file 45 and the usage right setting information received by the input means 43 to the management server 2 and receives the usage right setting file 46 from the management server 2. The usage right setting file 46 is stored in a memory (not shown). Further, the log generation means stores a log file 47 related to execution of browsing of the corresponding usage right setting file 46 specified by the user in a memory (not shown).
The transmission / reception means 51 of the file server 11 receives content information 52, user information 53, and a usage right setting file 54 from the management server 2. The content information 52, the user information 53, and the usage right setting file 54 are stored in a memory (not shown).

  FIG. 3 is a diagram showing a rough operation of the document management system according to Embodiment 1 of the present invention. When the management server 2 or the client terminal 6 processes the electronic document by generating or using it, the detailed description will be described with reference to FIG. 5 and subsequent figures, and the overall flow is confirmed in FIG. As shown in FIG. 3, whether an electronic document is created by the client terminal 6 (step S1), paper data is scanned by the scanner unit 21 of the MFP1 (step S2), or FAX reception is performed by the FAX unit 22 of the MFP1. As a result (step S3), the document is digitized to generate an electronic document (step S4). Next, a content ID (digitized document ID), which is unique identification information of the digitized document, is assigned to the generated digitized document, and a usage right for each user is set (step S5). The usage right is set on a screen as shown in FIG. 4, for example. On the screen, for each user, by clicking on the corresponding item column, the “re” point is inserted and set. Before setting the usage right, the user performs a user authentication operation by reading information on the IC card with the card reader 7. The result is transmitted from the client terminal 6 to the management server 2, and after processing such as content ID assignment is performed in the management server 2, the content information 52 and user information 53 are transmitted from the management server 2 to the file server 11. . FIG. 17 shows an example of content information 52 and user information 53 in the file server 11. In this example, a user group composed of a plurality of users is set without setting a usage right for each user, and a usage right is set for each user group. As described above, the file server 11 stores usage right setting information for each user or each user group for each content ID. Next, the usage right setting file 46 generated by encrypting the digitized document is stored in the file server 11 (step S6). Depending on circumstances, the client terminal 6 may be configured to store the usage right setting file 46 in an overlapping manner, or may be stored only in the client terminal 6. At the time of the saving, a log including information such as the document name of the saved document, the content ID, the date and time of saving, the user ID (also the user name if necessary), the ID of the operating device, and the management server ID Is generated and stored in the management server 2. When the user uses an encrypted document, after the user authenticates the user using an IC card (step S7), the user wants to use the content ID to download the document to be used from the file server 11 and obtain the usage right. An instruction for performing the corresponding use is input (steps S8 to S12). In the case of the browsing instruction in step S8, the screen display of the document is executed by the client terminal 6 (step S13), and a log indicating that the browsing is executed is transmitted to the management server 2 (step S14). In the case of the print instruction, the copy instruction, and the FAX transmission instruction in steps S9 to S11, authentication by the IC card is performed (step S15), executed by the MFP 1 (step S16), and a log indicating that the execution has been performed. It is generated in the management server 2 (step S17). In the case of a print document discard instruction by the shredder in step S12, authentication by the IC card is performed by the shredder 10 (step S18), the print document is discarded by the shredder (step S19), and the discard has been performed. Is sent to the management server 2 (step S20). The log information transmitted in steps S14, S17 and S20 is received by the management server 2 and aggregated (step S21). The log includes the content ID of the used document, the date and time of use, the operation details (browsing, printing, copying, FAX transmission, discarding), the user ID (and the user name if necessary), and the ID of the operating device. , Information such as a management server ID is included. As described above, in the present embodiment, when various uses are performed, all of the authentication by the user's IC card is performed, and every time the use is performed, a log is generated, Since it is counted by the management server 2, all records of when and what processing is performed by whom are managed by the management server 2, so that unauthorized use and illegal outflow can be prevented. In addition, each computerized document is assigned a unique content ID that is not duplicated, and the content ID cannot be changed at all. Therefore, the user can change the file name and perform printing. Even if it is done, it is possible to reliably manage which file has been printed.

Next, each operation of FIG. 3 of the document management system according to the present embodiment will be described in detail based on the drawings. First, the processes of steps S1 and S4 to S6 in FIG. 3 will be described in detail with reference to FIG. The user creates an electronic document by using the client terminal 6 (step S31). The document includes, for example, all types of arbitrary electronic documents such as a word document and an Excel book. The digitized document is registered as an electronic file 45 by the digitized document registration means 44. Next, a screen as shown in FIG. 6 is displayed on the Web by the authentication means (first authentication means) 41 and the input means 43 (step S32), and the user inputs a user name and a password on the screen. At the same time, the information in the IC card owned by the user is read by the card reader 7 provided in the client terminal 6 to perform a user authentication operation (step S33). The user name, password and IC card information are transmitted to the management server 2 via the network 3, and the management server 2 performs client authentication and IC card authentication (step S34). If the authentication is successful, the generated document is uploaded from the client terminal 6 to the management server 2 (steps S35 and S36). Next, using the screen of FIG. 4 by the input unit 43, the setting input of the usage right for each user is accepted, and the transmission / reception unit 42 transmits the corresponding electronic file 45 and the usage right setting information to the management server 2 (step). S37, S38). As the types of usage rights, for example, browsing, printing, copying, storing, and the number of times of use can be cited as shown in FIG. In addition to that, although not shown in FIG. 4, FAX transmission, discarding by a shredder, and the like can be mentioned. In the following explanation, all these usage rights are included. Next, the transmission / reception means 32 of the management server 2 receives the corresponding electronic file 45 and the usage right setting information, and the usage right setting means 33 assigns a unique content ID, and based on the usage right setting information, A usage right is set for the electronic file 45 (step S38). Thereafter, according to the usage right set by the encryption unit 34 in step S38, the received electronic file 45 is encrypted using the encryption key for each user stored in the memory 5 to generate the usage right setting file 38 ( Step S39). At the time of the encryption, as shown in FIG. 1, a time stamp is downloaded from the time server 13 via the Internet 12, and an electronic signature is added. The electronic signature is performed using a private key issued from a certificate authority such as a PKI certificate authority and an electronic certificate. In addition, seal data may be added as necessary. Next, the encrypted document is downloaded to the client terminal 6 and stored, or transmitted to the file server 11 and stored. At the same time, the content information and the user information are transmitted to the file server 11, and the file server 11 adds, updates, and stores the content information 52 and the user information 53 (steps S40 and S41). Through the above-described processing, the usage right setting file 38 which is a confidential document is generated. When the usage right setting file 38 is to be used, the usage right setting file 38 is decrypted. However, since the encryption is performed according to the set usage right, after the decryption, the usage right setting file 38 is set. It can be limited to use within a range.
Further, as described above, whether to download to the client terminal 6 or to transmit to the file server 11 and manage in a batch by the file server 11 may accept designation from the user at the time of document creation. In any case, the present embodiment is configured such that the usage right is confirmed and user authentication is performed for each usage, and therefore the storage location of the usage right setting file 46 can be selected each time.
Thereafter, the management server 2 stores the log file 37 including information such as the document name, content ID, date and time of saving, user ID (and user name if necessary), operating device ID, and management server ID. Is generated by the log generation means 40 (step S42), and the document file itself is deleted (step S43). The deletion may be performed each time when steps S40 and S41 are completed, or may be performed at a predetermined period.

  Next, the processing in steps S2 and S4 to S6 in FIG. 3 will be described in detail based on FIG. First, a sheet to be scanned is set in the MFP 1 (step S51). Next, user authentication using an IC card and IC card authentication are performed by the card reader 4 provided in the management server 2 (step S52). Next, a touch panel screen for selecting usage and setting usage rights is displayed on the MFP 1 (step S53), and the user selects scanning in the usage rights by panel selection and selects usage rights (step S53). Step S54). As a result, the scanner unit 21 of the MFP 1 scans the sheet (step S55), and an image file is created (step S56). The image file is converted into an electronic file (step S57). The electronic file and the usage right input in step S53 are transferred to the management server 2 (step S58) and received by the management server 2 (step S59). Next, the usage right setting means 33 assigns a unique content ID to the electronic file, and sets the usage right for each user ID based on the received usage right. Next, the usage right setting means 33 encrypts the electronic file using the encryption key in the memory 5 (step S60), and stores it in the memory 5 as the usage right setting file 38 (step S61). Next, the user holds the IC card over the card reader 7 of the client terminal 6 and performs user authentication (step S62). Thereby, the ports of the management server 2 and the client terminal 6 are opened (steps S63 and S64), and the corresponding application program of the client terminal 6 is started (step S65). Thereafter, the usage right setting file 38 is transferred from the management server 2 to the client terminal 6 (step S66) and received (step S67). The usage right setting file 38 may be transferred to the file server 11 in steps S66 and S67. Thereafter, the log generation unit 40 generates a log file 37 including information such as the document name, content ID, date and time of saving, user ID (and user name as required), operating device ID, and management server ID. Produces. In addition, content information and user information are transmitted to the file server 11, and the file server 11 adds, updates, and stores the content information 52 and user information 53 (step S68). Through the above-described processing, the usage right setting file 38 which is a confidential document is generated.

  Next, the processing of steps S3 to S6 in FIG. 3 will be described in detail based on FIG. First, the MFP 1 receives a FAX document (step S71). The received FAX document is transferred to the reception folder in the memory 5 of the management server 2 set in advance for each FAX sender number (step S72). The management server 2 converts the transferred FAX document (TIF file) into the electronic file 39 (step S73). Next, the management server 2 grants authority set in advance for each reception folder to the electronic file 39 (step S74). FIG. 9 shows an example of a screen for setting authority for each reception folder. By clicking the corresponding item on the screen, the usage right for each user can be set for each reception folder. Next, the usage right setting means 33 assigns a unique content ID to the electronic file 39 and sets the usage right set for each reception folder. Thereafter, the encryption key corresponding to the ID set for each reception folder is extracted from the memory 5 and encrypted to generate the usage right setting file 38 (step S75). Next, the management server 2 transfers FAX reception information for notifying that the FAX terminal has been received to the client terminal 6 of the designated person corresponding to the reception folder (step S76). The information is transferred using a messenger or an electronic mail. When the client terminal 6 of the person in charge receives the FAX reception information (step S77), the user authentication is performed by holding the IC card over the card reader 7 (step S78). If the user authentication is successful, the downloaded application program is activated (step S79), and the port is opened (step S80). At the same time, the port of the management server 2 is opened (step S81), and the usage right setting file 38 received and encrypted by FAX is transferred from the management server 2 to the client terminal 6 (step S82) and received (step S82). S83). When the transfer process in step S <b> 82 is completed, the management server 2 creates a log indicating that the faxed document has been transferred to the client terminal 6 and stores it in the memory 5. In addition, content information and user information are transmitted to the file server 11, and the file server 11 adds, updates, and stores the content information 52 and user information 53 (step S84). The usage right setting file 38 may be transferred to the file server 11 in steps S82 and S83. Through the above-described processing, the usage right setting file 38 which is a confidential document is generated.

  Next, processing in steps S7 to S8, S13 to S14, and S21 in FIG. 3 will be described in detail based on FIG. First, the usage right setting file 38 desired to be used is read by the client terminal 6 (step S91). Next, the IC card is inserted or placed in the card reader 7 (see FIG. 16A), and a user name and password are entered on the screen as shown in FIG. Is performed (step S92). If the authentication is successful, the management server 2 is notified that the user ID and browsing are designated. Based on the content ID and the user ID, the usage execution unit 35 checks whether or not the usage right for browsing is set. When the usage right is set for the user ID, the usage execution unit 35 permits the browsing and sets the usage right setting file. A decryption key for decrypting 38 is issued (step S93). The client terminal 6 receives the decryption key and inputs an instruction for performing use according to the authority (step S94). In FIG. 10, it is assumed that an instruction for browsing is input. As a result, the corresponding confidential document is displayed on the screen of the client terminal 6, and browsing is executed (step S95). Next, the log file 47 indicating that the browsing has been executed is transferred from the client terminal 6 to the management server 2 (step S96). The management server 2 aggregates the log information stored in the log file 47 (step S97), transfers the log data to the aggregation server 14, and stores it there (step S98). The log file 47 stored in the client terminal 6 may be configured to be deleted from a memory (not shown) after being transferred to the management server 2.

Next, processing in steps S7, S9, S15 to S17, and S21 in FIG. 3 will be described in detail based on FIG. First, the usage right setting file 38 desired to be used is designated by the client terminal 6 (step S101). Next, as shown in FIG. 6 (a), the IC card is inserted or placed in the card reader 7, and the user name and password are entered on the screen as shown in FIG. 2 authentication means) 41 performs user authentication and IC card authentication (step S102). When the authentication is successful, the management server 2 is notified that the user ID and the print instruction are specified. Based on the content ID and the user ID, the usage execution unit 35 checks whether or not the usage right for printing is set. When the usage right is set for the user ID, the usage execution unit 35 permits printing and sets the usage right setting file. A decryption key for decrypting 38 is issued (step S103). The client terminal 6 receives the decryption key and inputs an instruction to use it according to the authority (step S104). In FIG. 11, it is assumed that an instruction to perform printing is input (step S105). When inputting a printing instruction, printing is performed by the MFP 1 for secure printing set as a default value without particularly specifying a printer. Alternatively, the user may be able to select from a list of MFPs 1 for secure printing registered in advance, but is set so that other printers or multifunction peripherals cannot be specified. . Next, the authentication means (second authentication means) 41 again authenticates the IC card inserted or placed in the card reader 7 (step S106). When the authentication is successful, the print image creating means (not shown) creates a print image file (step S107). At this time, the user name and content ID authenticated in step S106 are forcibly added to the header or footer of the print image. In addition, when copying, scanning, or FAX transmission is completely prohibited, a copy prohibition code is also forcibly added. Next, the print image encryption means (not shown) encrypts the print image file (step S108). Next, the transmitting / receiving means 42 transmits the encrypted print image file to the management server 2 (step S109), and the management server 2 receives it (step S110). Through the processing up to step S110, the user can output the corresponding print document from the MFP 1 at any time.
When the user tries to output a print document, the authentication means (second authentication means) 31 is requested by screen display or voice guidance to hold the IC card over the card reader 4 of the management server 2. In accordance with the request, the user holds the IC card over the card reader 4 of the management server 2 to perform IC card authentication (step S111). When the authentication is successful, the management server 2 is notified that the user ID and printing have been designated. Based on the content ID and the user ID, the usage execution unit 35 checks whether or not the usage right for printing is set. When the usage right is set for the user ID, the usage execution unit 35 permits the printing and sends it to the MFP 1. Notice. Thereafter, the encrypted print image file is decrypted by the printer unit 23 of the MFP 1, printed, and discharged (output) (step S112). The print image file is deleted. If the authentication is not successful, the printing process is in a standby state. If the authentication is not successful even after a predetermined time has elapsed, the print image file in the management server 2 is automatically deleted. At the time of the printing, the user name (or user ID) and content ID (and copy prohibition code as required) added in step S107 are printed on the header or footer of the print document. Yes. These pieces of information may be printed as characters as they are. However, as shown in FIG. 16C, a code such as a two-dimensional code or a barcode including these pieces of information is generated and printed. You may make it do. At the same time, as shown in FIG. 16C, the user name (or user ID) and the date and time of printing may be printed as a background pattern on the entire surface of the paper medium. Alternatively, the user name (or user ID) and the content ID (and the copy prohibition code, if necessary) are printed as a background pattern on the entire surface of the paper medium instead of the header or footer of the print document. Good. Furthermore, information such as a content ID and a user ID may be printed on both the header or footer of the print document and the entire surface (background pattern) of the paper medium. In this case, the same information may be printed on both, or the user ID and content ID information may be printed on the header or footer of the print document, and the user name and date / time information may be printed on the entire surface (background) of the paper medium. In addition, different information may be printed. The ground pattern may be printed as characters as shown in FIG. 16C, but a code such as a two-dimensional code may be printed. These printings may be performed with black ink, or may be performed with yellow ink or the like that is difficult to visually recognize but sufficiently recognized by the MFP 1 and the shredder 10. Note that the color of the printing ink is not limited to black or yellow, and any color may be used. Therefore, a default color may be set and a configuration that can be appropriately changed by the user may be adopted. . Next, logs indicating that the printing has been executed are aggregated by the log management unit 36 based on the designation information at the client terminal 6 and the input information at the MFP 1 (step S113), and the log data is aggregated. It is transferred to the server 14 and stored there (step S114). In this way, when printing, authentication using an IC card is performed, and after confirming that the right to use is set, the printed paper is ejected. It can be prevented from being taken away or stolen by another person before going to or picking up.
Also, when creating a print image in step 107, a user name and content ID are given to the header or footer, or the user name and the date and time of printing are printed on the entire surface of the paper as a ground pattern. This is to specify the route that was taken out in order to specify the printed user name. Further, by printing the user ID or the like, it is possible to provide a deterrent for taking out confidential documents.

  In the above description, an example in which the printer performs printing for himself / herself has been described. However, the present invention is not limited to this, and other users may be allowed to receive it. That is, the printer designates the recipient when printing is designated and performs printing. At the same time as printing, the management server 2 retrieves user information and transmits a receiving instruction to the recipient by a method designated by the printer. The recipient performs authentication using an IC card in the nearest secure MFP 1 and management server 2 and performs printing. At that time, the print image file is transmitted from the stored management server 2 to the user-authenticated management server 2, so that a print document can be obtained from the nearest MFP 1. If it is not received for a certain period of time, the print image file in the management server 2 is automatically deleted. In the case where the receiving place is a store providing a copy service, and the IC card or mobile phone having a payment function is used for the identity verification, the payment is made simultaneously with the receipt.

  Next, processing in steps S7, S10, S15 to S17, and S21 in FIG. 3 will be described in detail based on FIG. When the user copies the printed document, first, the authentication unit (second authentication unit) 31 performs IC card authentication by holding the IC card over the card reader 4 of the management server 2 (step S1). S121). If the authentication is successful, the MFP 1 is ready for use (step S122). Next, the MFP 1 determines whether or not the set print document has a copy prohibition code (step S123). If there is no copy prohibition code, the management server 2 is notified that the user ID and copy are specified. Based on the content ID and the user ID, the usage execution unit 35 checks whether or not the usage right for copying is set, and permits the copying when the usage right is set for the user ID. Thereby, the copy means 20 of the MFP 1 starts a copy operation (step S124). On the other hand, if there is a copy prohibition code, the processing ends there (that is, the copy is stopped and a message indicating that copying cannot be performed is displayed on the screen of the MFP 1 by specifying copy prohibition). Next, log information indicating that the copy has been executed is transferred from the MFP 1 to the management server 2 (step S125) and totaled (step S126), and the log data is transferred to the totaling server 14 and stored there. (Step S127). It is assumed that the log information at the time of copy processing includes information on the number of copies copied (information on the number of copies).

Next, processing in steps S7, S11, S15 to S17, and S21 in FIG. 3 will be described in detail based on FIG. When the user transmits a printed document by FAX, first, IC card authentication is performed by holding the IC card over the card reader 4 of the management server 2 (step S131). If the authentication is successful, the MFP 1 is ready for use (step S132). Next, the management server 2 displays a list of transmission destinations according to the ID stored in the IC card on the touch panel (step S133). Thereby, the user selects a transmission destination from the list (step S134). That is, the user can select a FAX transmission destination from a list of transmission destinations registered in advance, but is set so that no other transmission destination can be specified. The destination list is predetermined by a user ID or a user group, stored in the user information 53 stored in the file server 11, and the contents of the user information 53 are referred to when FAX transmission is selected. Display a list of possible recipients. Further, the destination facsimile machine or the multifunction machine has a configuration in which a log indicating that the FAX is received remains as in the MFP 1 shown in FIG. Next, the MFP 1 determines whether or not the set print document has a copy prohibition code (step S135). If there is no copy prohibition code, the management server 2 is notified that the user ID and FAX transmission are specified. Based on the content ID and the user ID, the use execution unit 35 checks whether or not the use right for FAX transmission is set, and permits the FAX transmission when the use right is set for the user ID. Thereby, the FAX means 22 of the MFP 1 starts a FAX transmission operation (step S136). On the other hand, if there is a copy prohibition code, the process ends there (that is, FAX transmission is stopped and a message indicating that FAX transmission cannot be performed due to copy prohibition designation is displayed on the screen of MFP 1). Next, log information indicating that the FAX transmission has been executed is transferred from the MFP 1 to the management server 2 (step S138) and totaled (step S139), and the log data is transferred to the totaling server 14, where Stored (step S127). It is assumed that the log information at the time of FAX transmission processing includes information on the transmission destination transmitted by FAX.
In step S136, the usage right is inquired based on the content ID and the user ID, but the usage right for FAX transmission is not set in the usage right setting screen shown in FIG. 4 and the content information 52 in FIG. . Fax transmission corresponds to the copying of confidential documents in the same way as copying. Therefore, FAX transmission is considered to be equivalent to copying, and it is determined whether or not FAX transmission is permitted depending on whether or not a copy usage right is used. Moreover, you may comprise so that FAX transmission may be provided in the type of usage right shown in FIG.4 and FIG.17.

Next, processing in steps S7, S12, and S18 to S21 in FIG. 3 will be described in detail based on FIG. When the user discards the printed document with the shredder, first, the IC card is authenticated by holding the IC card over the card reader 9 of the shredder 10 (step S151). If the authentication is successful, the user sets a discard document in the shredder 10 and turns on the start button (step S152). As a result, the shredder 10 counts the number of discarded documents (step S153). Next, the shredder 10 reads the content ID embedded in the discarded document (step S154). When the reading is completed, the user ID and the content ID read from the IC card are transferred to the management server 2 while holding the discarded document (step S155), and whether or not the discarding by the user is permitted is determined. Determine and approve (step S157). On the other hand, documents that cannot be discarded are discharged from the shredder 10 without being shredded, and a message indicating that shredding processing (discarding processing) cannot be performed is displayed on the screen of the shredder 10. If approved by the management server 2, the shredder 10 starts a shredder operation (step S158). Next, log information indicating that the shredder process has been executed is transferred from the shredder 10 to the management server 2 (step S159) and totaled (step S160), and log data is transferred to the totaling server 14, Therefore, it is stored (step S161). It is assumed that the log information at the time of shredding processing includes information on the number of discarded documents by content ID of discarded discarded documents. In the log information, as described above, all of the number of copies and the number of printed pages remain. Therefore, how many of the printed and copied items are discarded by the shredder 10 and what is left now is recorded. Everything can be managed by the administrator.
In FIG. 1 and FIG. 14, when discarding by the shredder 10, the IC card is authenticated by the card reader 9 provided in the shredder 10, but the shredder 10 is not provided with the card reader 9, and the management server 2 and the shredder 10 may be installed close to each other and the IC card may be authenticated by the card reader 4 of the management server 2.

As described above, in the present embodiment, confidential documents are digitized (originally electronic, scanned paper, received FAX data), and limited to output only to a predetermined printer. By destroying with a predetermined shredder, it is possible to manage the life cycle of generation, use, and destruction of confidential documents. In addition, since logs are kept for every operation, all operation histories can be traced completely when problems or troubles occur or during audits. In addition, a unique content ID is assigned to the digitized document, and unauthorized use is prevented because the usage right is inquired for each use such as browsing, printing, copying, FAX transmission, and shredding. be able to. Further, the operation history of the confidential document can be traced by the content ID. In addition, since operations such as generation, use, and destruction of documents are authenticated by the IC card, it is possible to track who operated. Therefore, it is possible to track which, when, and what to the confidential document, so that it is possible to track when a problem occurs. Since it is possible to track when a problem occurs, it is possible to prevent a user from cheating. As a result, it is possible to prevent unauthorized outflow and unauthorized use throughout the entire life cycle of documents using electronic data or paper data.
In the present embodiment, the digitized document is assumed to be created by some application, generated by scanning, or generated by FAX reception. Regarding the use of digitized documents (usage right setting file), browsing, printing, copying, FAX transmission, and disposal by shredder were described. Electronic document generation and use can be implemented in a part of the present embodiment, or an electronic document can be generated in the management server 2 or the client terminal 6 by a method other than the above.
In the above description, the discard of the printed matter and the copy by the shredder 10 has been described as the discard. However, the electronic data itself of the digitized document stored in the file server 11 or the client terminal 6 may be deleted. The management server 2 stores a log file 37 including information such as the document name of the deleted document, the content ID, the date and time of deletion, the user ID (and the user name if necessary), the ID of the operating device, and the management server ID. Needless to say, the log generation unit 40 generates a record of discarding the electronic data.

Embodiment 2. FIG.
In the first embodiment described above, an example has been described in which the management server 2 is provided for each MFP 1 and logs are individually aggregated and transferred to the aggregation server 14. In this embodiment, as shown in FIG. 15, one of the management servers 2 is set as a parent management server 2A, and the other management server 2 is set as a child management server 2a. All of the generated logs are transferred from the child management server 2a to the parent management server 2A at a predetermined constant cycle, and are totalized by the parent management server 2A. Further, all log information generated by the shredder 10 and the client terminal 6 is also transmitted to the parent management server 2A and aggregated. Since other configurations are the same as those of the first embodiment shown in FIG. 1, the same reference numerals as those in FIG. 1 are given, and description thereof is omitted here.

  The memory 5 of the parent management server 2A stores a user master that stores information about all users and all encryption keys.

  As a result, a log is left for every operation performed at an arbitrary location, and all the logs are aggregated by the parent management server 2A. Therefore, even if the user performs an operation using a different MFP 1 or client terminal 6, the log is not stored. All of the data is transferred to the parent management server 2A and collected there, so that problems and troubles occur, and when the administrator views the log, the whole can be immediately looked at.

  Note that instead of the child management server 2a, only the card reader 4 is installed, information read from the IC card is transferred via the network 3, and authentication processing is performed by the parent management server 2A. Good. Further, the MFP 1 may not be connected to the parent management server 2A, and only log aggregation / management may be performed in the parent management server 2A.

Embodiment 3 FIG.
In the present embodiment, the content ID or the two-dimensional code including the content ID is added to all the paper on which the digitized document is printed or copied. If the user takes out the printed or copied paper to the outside, the scanner unit 21 reads the content ID, generates a log including the information that the paper is taken outside, and manages the server. 2 to send. Thereafter, the user who has returned from the outside reads the content ID again by the scanner unit 21, generates a log including the information that the paper has returned from the outside, and transmits it to the management server 2.

In the present embodiment, when taking a paper on which an electronic document is printed or copied, the content ID printed on the paper is read by the scanner unit 21, and a log is generated and registered. When it is taken home, it is read again by the scanner means 21, and a log indicating that the paper has returned safely is generated and registered. Unauthorized copying can be suppressed.
In the present embodiment, the content ID is read with a two-dimensional code. However, the present invention is not limited to the two-dimensional code, and can be configured with codes generated from the content ID.

Embodiment 4 FIG.
In the present embodiment, the RFID tag is automatically attached to the printed or copied paper by the MFP 1 and an RFID reader is provided at the entrance / exit of the office. As a result, when the paper to which the RFID tag is attached flows out to the outside, all the checks are performed by the RFID reader. Note that usage right information is stored in the RFID tag.

  Also, even if the RFID tag is peeled off and discarded in the trash, it is checked by the RFID reader when the RFID tag is taken out as trash, so at least it can be detected that it has been illegally leaked. it can.

  In this embodiment, it is possible to prevent the paper from being taken out and copied by an external copying machine to be illegally leaked. In the present embodiment, the configuration in which the RFID tag is attached to the confidential document is exemplified. However, the configuration is not limited to the RFID tag, and the RFID tag can be configured with an equivalent code and tags that can detect external take-out.

Embodiment 5. FIG.
In this embodiment, a manager responsible for each digitized document (for example, an encrypted user) is determined in advance, and the email address of the manager is stored for each content ID of each digitized document. Prepare a prepared table. At this time, when each electronic document is printed, copied, or discarded by the shredder, the name of the user who performed the operation, the number of copies (the number of copies, the number of copies, the number of discarded pages), and the current remaining number of copies Is automatically generated by the management server 2 and the shredder 10 and transmitted to the manager.

  In this embodiment, every time printing, copying, or discarding is performed, the usage status is notified to the manager by e-mail, so the manager must always know the usage status. In addition to being able to do so, it will prevent unauthorized use and outflow by third parties.

1 is a configuration diagram showing the overall configuration of a document management system according to Embodiment 1 of the present invention. FIG. 1 is a configuration diagram showing a configuration of an MFP in a document management system according to Embodiment 1 of the present invention. It is the flowchart which showed the flow of the process of the document management system which concerns on Embodiment 1 of this invention. It is explanatory drawing which showed an example of the screen for performing the setting of the usage right in the document management system concerning Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of the digitization document production | generation by the document preparation in the document management system concerning Embodiment 1 of this invention. It is explanatory drawing which showed an example of the screen for performing the authentication in the document management system concerning Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of the digitization document production | generation by the scanning operation in the document management system concerning Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of the electronic document production | generation by FAX reception in the document management system which concerns on Embodiment 1 of this invention. It is explanatory drawing which showed an example of the screen for the attribute setting of the folder for FAX reception in the document management system which concerns on Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of utilization (browsing) of the digitized document also in the document management system which concerns on Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of utilization (printing) of the digitized document in the document management system which concerns on Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of utilization (copy) of the digitized document in the document management system which concerns on Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of utilization (FAX transmission) of the electronic document in the document management system which concerns on Embodiment 1 of this invention. It is the flowchart which showed the flow of the process of utilization (discarding by a shredder) of the digitized document in the document management system which concerns on Embodiment 1 of this invention. It is the block diagram which showed the structure of the whole document management system concerning Embodiment 2 of this invention. It is explanatory drawing which showed the operation | movement of utilization (printing) of the digitized document in the document management system which concerns on Embodiment 1 of this invention. It is explanatory drawing which showed an example of the content information and user information of an electronic document in the document management system which concerns on Embodiment 1 of this invention. 1 is a configuration diagram showing configurations of a management server, a client terminal, a file server, and an MFP of a document management system according to Embodiment 1 of the present invention.

Explanation of symbols

  1 MFP, 2 management server, 2A parent management server, 2a child management server, 3 network, 4,9 card reader, 5 memory, 6 client terminal, 7 card reader, 8 storage device, 10 shredder, 11 file server, 12 Internet , 13 Time server, 14 Total server, 20 Copy means, 21 Scanner means, 22 FAX means, 23 Printer means, 44 Electronic document registration means, 33 Usage right setting means, 31, 41 Authentication means (first authentication means, (Second authentication means), 34 encryption means, 35 use execution means, 40, 48 log generation means 36 log management means.

Claims (6)

Usage right setting means for setting a usage right for each user ID in the generated electronic document;
First authentication means for inputting user-specific information and performing user authentication for encrypting the digitized document with the information;
An encryption means for encrypting the digitized document when authentication by the first authentication means is successful;
Second authentication means for inputting user-specific information and performing user authentication for using the digitized document according to the information;
Use authentication means for permitting use of the digitized document according to the use right when the authentication by the second authentication means is successful;
Log generation means for generating a log including operation history information when the use is executed;
Log management means for totalizing and storing the generated logs, and
A document management system characterized in that the usage status from generation to disposal of the digitized document is collectively managed by the log. A usage right setting unit that assigns a single content ID to the generated electronic document, sets usage rights for each user ID, and generates usage right setting information for each user ID corresponding to the content ID;
First authentication means for inputting user-specific information and performing user authentication for encrypting the digitized document with the information;
An encryption unit for encrypting the digitized document according to the usage right setting information generated by the usage right setting unit and generating a usage right setting file when authentication by the first authentication unit is successful;
Second authentication means for inputting user-specific information and performing user authentication for using the digitized document according to the information;
When the authentication by the second authentication unit is successful, the usage right setting information is inquired based on the content ID set in the usage right setting file, and the user ID authenticated by the second authentication unit is Use execution means for permitting the use of the digitized document when having the use right of the use right setting file;
Log generation means for generating a log including operation history information when the use is executed;
Log management means for totalizing and storing the generated logs, and
A document management system characterized in that the usage status from generation to disposal of the digitized document is collectively managed by the log.   In the usage right setting information, one or a plurality of user IDs having the usage right are specified for use including at least one of browsing, printing, copying, FAX transmission, or discarding of the usage right setting file. The document management system according to claim 1. The use execution means is:
Browsing means for allowing and controlling screen display of the digitized document;
Printing means for permitting and controlling printing of the digitized document;
Copy means for permitting and controlling copying of the digitized document printed by the printing means;
FAX transmission means for permitting and controlling transmission of the electronic document by FAX,
A shredder unit that permits and controls the destruction of the digitized document printed by the printing unit and the digitized document copied by the copy unit;
4. The document management system according to claim 1, wherein at least one of the document management system is included. The log includes a user ID, an electronic document ID, usage details, and usage date and time.
5. The document management system according to claim 4, wherein when the usage contents are printing, copying, and discarding, information on the number of copies is included in the log. The printing means includes means for printing by adding a copy prohibition code when printing the digitized document;
The document management system according to claim 4, wherein the copy unit and the FAX transmission unit stop copying and FAX transmission for a printed matter to which the copy prohibition code is added.

Images